Giorgos Keramidas keramida at ceid.upatras.gr
Fri Dec 23 15:50:34 UTC 2005

On 2005-12-22 23:48, kirubiru <kirubiru at hotpop.com> wrote:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-apps.html
> "...different people have different requirements and preferences."
> How about giving some simple characteristic of each?
> PF is secure, IPFW is easy to administer, etc. Something to help me
> pick one. Bye all.

I don't think "more secure" is something we should easily write in an
official document, like the Handbook.  The three firewalls that work on
FreeBSD now are equally 'secure' when it comes to blocking unwanted

Ease of administration is something extremely subjective too.  Some may
find IPFW easier to administer, because they have spent a lot of time
reading the ipfw(8), natd(8) and dummynet(4) documentation, written
thousands of lines of rules for dozens of machines using IPFW and
DUMMYNET, etc.  Others may tell you that PF is easier to administer,
because they use it a lot and feel more comfortable with it.  Then, some
people, especially those who find themselves working with Solaris or
other machines that support IPFILTER too, will tell you that IPFILTER is
the one they feel more acquainted with.

It's all a matter of what features you need and what *you* feel nice
working with, I guess.

- Giorgos

More information about the freebsd-doc mailing list